Brief on AWS IAM
IAM in a Nutshell
- Identity and Access Management
- Web service that controls who (users, applications, other AWS services) can access which AWS resources, and what they may do with them
- Lets you assign permissions to groups of users instead of to each user individually
- Integrates with Active Directory through federation (SAML 2.0 or AWS Directory Service), so corporate users do not need separate IAM credentials
- Access auditing: CloudTrail records every API call made by any user, group member or role, so the activity of any account can be monitored and investigated
How IAM works
4 key concepts:
- Users: a specific person or application that needs access to AWS; a user has long-term credentials (a console password and/or access keys)
- Groups: a collection of users; policies attached to the group apply to every member
- Roles: an identity that a user, AWS service or application assumes temporarily to get a set of permissions (e.g. S3 read, S3 write); a role carries policies but no long-term credentials, and assuming it yields short-lived credentials from STS
- Policies: JSON documents that allow or deny specific actions (e.g. s3:GetObject) on specific resources; they are attached to users, groups and roles (identity-based) or to resources such as S3 buckets (resource-based)
Best practices
- Use the least-privilege model: grant only the actions and resources a principal actually needs. This tightens security and limits the blast radius of a stolen credential or an honest mistake (e.g. an accidentally deleted bucket or table)
- Be vigilant when changing policies: an explicit Deny anywhere overrides every Allow, and a wildcard in Action or Resource widens access more than it looks; review and test every change before it goes live
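The four concepts and the least-privilege practice above are easiest to see by running requests through the evaluation order IAM documents: an explicit Deny in any applicable statement wins, otherwise any applicable Allow grants the request, otherwise the request is implicitly denied. The toy evaluator below is an added example for this brief, not AWS code and not part of the original page; it models only Effect, Action and Resource (no Condition, NotAction or Principal), and the bucket name debaditya.com, the policies and the object key are constructed for illustration.

```python
"""Toy model of IAM's policy evaluation logic within one account.

Added example for this brief; not AWS code. Evaluation order modelled:
explicit Deny wins, otherwise a matching Allow grants, otherwise implicit
deny. Only Effect, Action and Resource are handled. Sample policies and
the bucket debaditya.com are constructed.
"""
from fnmatch import fnmatchcase


def _as_list(value):
    """IAM lets Action/Resource/Statement be a string or a list; normalise."""
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    """Action names are case-insensitive and allow * and ? wildcards."""
    return fnmatchcase(action.lower(), pattern.lower())


def _resource_matches(pattern, resource):
    """Resource ARNs are case-sensitive; * also matches across '/'."""
    return fnmatchcase(resource, pattern)


def evaluate(policies, action, resource):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one request.

    `policies` is every identity-based policy in effect for the caller:
    attached directly, inherited from its groups, or on the assumed role.
    """
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not any(_action_matches(a, action) for a in _as_list(stmt["Action"])):
                continue
            if not any(_resource_matches(r, resource) for r in _as_list(stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"      # an explicit Deny overrides every Allow
            decision = "Allow"     # keep scanning in case a Deny follows
    return decision


# Constructed sample policies (not from the page).
# Anti-pattern: every S3 action on every bucket.
BROAD_S3 = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}

# Least privilege: list one bucket and read its objects, nothing else.
READ_ONE_BUCKET = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::debaditya.com"},
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::debaditya.com/*"},
    ],
}

# Guardrail attached at group level: nobody in the group may delete buckets.
NO_BUCKET_DELETE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}],
}

BUCKET = "arn:aws:s3:::debaditya.com"
OBJECT = "arn:aws:s3:::debaditya.com/reports/q1.csv"   # constructed key


def demo():
    """Decisions for a few requests under each attachment combination."""
    return {
        "broad_delete_bucket": evaluate([BROAD_S3], "s3:DeleteBucket", BUCKET),
        "scoped_get_object": evaluate([READ_ONE_BUCKET], "s3:GetObject", OBJECT),
        "scoped_put_object": evaluate([READ_ONE_BUCKET], "s3:PutObject", OBJECT),
        "scoped_other_bucket": evaluate([READ_ONE_BUCKET], "s3:GetObject",
                                        "arn:aws:s3:::other-bucket/x"),
        "broad_with_guardrail": evaluate([BROAD_S3, NO_BUCKET_DELETE],
                                         "s3:DeleteBucket", BUCKET),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:22} {decision}")
```

The broad policy lets a compromised user delete the bucket; the scoped one only ever answers Allow for the two operations it names, and a group-level Deny stops the deletion even when a broader Allow is also attached, which is the reason to treat every policy change as a security change.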
User Accessing AWS resources using IAM
Example of an S3 bucket policy granting public read
{
  "Id": "Policy123455678",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1889900011111",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::debaditya.com/*",
      "Principal": "*"
    }
  ]
}
Notes on this policy:
- "Version" must be exactly "2012-10-17" (the only other accepted value is the legacy "2008-10-17", which lacks policy variables); any other date is rejected as malformed
- s3:GetObject acts on objects, so the Resource must end in "/*"; a bucket-only ARN such as "arn:aws:s3:::debaditya.com" never matches an object and S3 rejects the statement as "Action does not apply to any resource(s)"
- "Principal": "*" makes every object in the bucket readable by anyone on the internet, including unauthenticated requests. Use it only for buckets meant to be public (e.g. static website hosting); otherwise name the specific account, user or role as the Principal, or grant the read through an identity-based policy on the user, group or role instead